1. Field of the Invention
The present invention relates to a computer program product, system, and method for providing multiple authentication modules to authenticate users with respect to a system and file systems offered through the system.
2. Description of the Related Art
Cloud storage refers to data storage as a service where storage resources are provided to clients on demand. Cloud storage infrastructures support a multitude of users over geographically distributed storage resources. Users may archive and share data in a cloud storage facility. Users may use a file request protocol to access cloud-based storage. Multiple users allocated a separate portion of the cloud-based storage resources may be referred to as tenants. In a multi-tenant cloud computing environment, storage resources may be segregated for particular users and classes or groups of users.
Cloud environments may be implemented using enterprise storage solutions such as SONAS (Scale Out Network Attached Storage), offered by International Business Machines Corporation. SONAS permits configuration of storage as file systems that are designated to particular users or organizations, known as tenants.
In cloud-based storage environments, tenants are authenticated through a system-wide authentication with the data service provider. Tenants may restrict access to their specific storage resources by requiring authorization.
Authentication is a mechanism by which the system securely identifies users to determine whether each user is who they claim to be. Authentication mechanisms may include the use of plain text passwords, a Kerberos system, smartcards, etc. Authorization, by contrast, is a mechanism by which a system determines the level of access granted to a particular authenticated user by determining whether that user is permitted to access and perform operations with respect to resources.
One cloud storage service implementation configures a virtual machine for each tenant to control access to their storage resource, where each virtual machine may provide separate authentication so that access requests are routed to the tenant specific virtual machine for the storage resource.
There is a need in the art for improved techniques for authenticating tenants and user access to storage resources, such as cloud implemented storage.